University of Minnesota




ReqsCov is a tool which allows a user to measure the requirements coverage provided by a test suite over a Lustre model. The tool allows three requirements coverage metrics (each defined over Linear Temporal Logic requirements) to be measured: naive coverage, antecedant coverage, and Unique First Clause (UFC) coverage.


The Crisys Eclipse plugin update site is found here:
The ReqsCov command line tool is found here:


Installation of ReqsCov is done as follows: First, the command line tool must be installed. This is as simple as downloading the tool, unpacking it into an appropriate directory (e.g. "C:\Crisys_Tools"), and then adding said directory to your working path. Note that currently, ReqsCov is only available for Windows and has only been tested on Windows XP.
Second, a ReqsCov Eclipse plugin can be installed. While this plugin is not required to use ReqsCov, it is a little easier than using the command line tool. The plugin requires that the command line tool be already installed.
A command line usage message is displayed by calling "ReqsCov" with no arguments. The ReqsCov Eclipse plugin is used by selecting "ReqsCov" from the "FormulaEvaluator" menu.


Below is a list of papers related to ReqsCov. These papers outline the requirements coverage metrics measured by ReqsCov and the reasoning behind using such metrics. (Papers outlining the effectiveness of the metrics are forthcoming.)

  • Whalen, M. W., Rajan, A., Heimdahl, M. P., and Miller, S. P. 2006. Coverage Metrics for Requirements Based Testing. In Proceedings of the 2006 international Symposium on Software Testing and Analysis (Portland, Maine, USA, July 17 - 20, 2006). ISSTA '06. ACM, New York, NY, 25-36.

  • Ajitha Rajan, "Coverage Metrics to Measure Adequacy of Black-Box Test Suites" Automated Software Engineering, 2006. ASE '06. 21st IEEE/ACM International Conference on , vol., no., pp.335-338, Sept. 2006

    SMACCM Tools

    New generations of military vehicles, including unmanned air vehicles (UAVs), are almost universally being equipped with network interfaces. In addition to the baseline control and monitoring capabilities, network connectivity can provide advanced features such as the ability to adapt to new missions through field upgrades and remote access for maintenance. These network connections typically rely on standard protocols for compatibility with other networked systems and reduction of cost through the use of COTS equipment. As UAV systems continue this rapid evolution toward network access, there is great danger that insufficient attention is being paid to security concerns. A new approach based on comprehensive use of formal methods throughout the development process is needed to ensure that such vulnerabilities are eliminated from critical military assets. Rockwell Collins and University of Minnesota teams bring together key technologies and leading researchers with the experience needed to create a revolutionary approach to the development of these high-assurance systems.


    FM Workbench: This software package contains the AADL model and some verification properties for the unmanned aerial system used as part of the Secure Mathematically-Assured Composition of Control Models (SMACCM) research project under the HACMS program. This package also contains the Lute plug-in for OSATE in which the properties are encoded.

    META Tools

    The Rockwell Collins/UMN META toolset was developed under DARPA's META program.


    META-demo: This Eclipse-based toolset provides a SysML-AADL translator, a static model verification tool (Lute), and a compositional verification tool (AGREE) based on the JKind model checker. It requires the OSATE AADL tool environment.

    • Website design by Gregory Gay and Anitha Murugesan.
    • © 2012 Regents of the University of Minnesota. All rights reserved.
    • The University of Minnesota is an equal opportunity educator and employer. Privacy
    • Last modified on March 4, 2013